CVE-2007-4573
First published: Tue Sep 18 2007(Updated: )
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <=2.6.22.6 | |
| Linux Linux kernel | <=2.4.35 | |
| redhat/kernel | <0:2.6.18-8.1.14.el5 | 0:2.6.18-8.1.14.el5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://marc.info/?l=full-disclosure&m=119062587407908&w=2
- http://lkml.org/lkml/2007/9/21/512
- http://lkml.org/lkml/2007/9/21/513
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.7
- http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3
- https://issues.rpath.com/browse/RPL-1754
- http://www.debian.org/security/2007/dsa-1381
- http://www.debian.org/security/2007/dsa-1378
- https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00355.html
- http://fedoranews.org/updates/FEDORA-2007-229.shtml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:195
- http://www.redhat.com/support/errata/RHSA-2007-0936.html
- http://www.redhat.com/support/errata/RHSA-2007-0937.html
- http://www.redhat.com/support/errata/RHSA-2007-0938.html
- http://www.novell.com/linux/security/advisories/2007_53_kernel.html
- http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
- http://www.ubuntu.com/usn/usn-518-1
- http://www.securityfocus.com/bid/25774
- http://securitytracker.com/id?1018748
- http://secunia.com/advisories/26919
- http://secunia.com/advisories/26934
- http://secunia.com/advisories/26953
- http://secunia.com/advisories/26955
- http://secunia.com/advisories/26917
- http://secunia.com/advisories/26978
- http://secunia.com/advisories/26995
- http://secunia.com/advisories/26994
- http://secunia.com/advisories/27212
- http://secunia.com/advisories/27227
- http://secunia.com/advisories/27912
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:008
- http://www.debian.org/security/2008/dsa-1504
- http://secunia.com/advisories/29058
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
- http://www.vupen.com/english/advisories/2007/3246
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9735
- http://www.securityfocus.com/archive/1/480705/100/0/threaded
- http://www.securityfocus.com/archive/1/480451/100/0/threaded
- http://git.kernel.org/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=176df2457ef6207156ca1a40991c54ca01fef567
- https://rhn.redhat.com/errata/RHSA-2007-0936.html
- https://rhn.redhat.com/errata/RHSA-2007-0937.html
- https://rhn.redhat.com/errata/RHSA-2007-0938.html
- https://bugzilla.redhat.com/show_bug.cgi/ftp:/updates.redhat.com/enterprise/3AS/en/os/SRPMS/
- https://bugzilla.redhat.com/show_bug.cgi/ftp:/updates.redhat.com/enterprise/4AS/en/os/SRPMS/
- https://bugzilla.redhat.com/show_bug.cgi/ftp:/ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS
- http://rhn.redhat.com/errata/RHSA-2007-0936.html
- http://rhn.redhat.com/errata/RHSA-2007-0937.html
- http://rhn.redhat.com/errata/RHSA-2007-0938.html
- https://admin.fedoraproject.org/updates/F7/FEDORA-2007-2298
- https://bugzilla.redhat.com/show_bug.cgi?id=294541
- https://www.cve.org/CVERecord?id=CVE-2007-4573 https://nvd.nist.gov/vuln/detail/CVE-2007-4573
- https://access.redhat.com/errata/RHSA-2007:0938
- https://access.redhat.com/errata/RHSA-2007:0937
- https://access.redhat.com/errata/RHSA-2007:0936
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4573.json
Parent vulnerabilities
(Appears in the following advisories)
- collector/nvd-historical
- collector/nvd-index
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2007-4573
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- agent/remedy
- agent/weakness
- agent/author
- agent/description
- agent/severity
- collector/redhat-cve
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/2.6.22.6
- version/linux linux kernel/2.4.35
- package-manager/redhat